Attack Types Flashcards

1
Q

What is social engineering?

A

Social engineering is the process by which the attacker seeks to extract info from users by tricking them into helping the attacker. It’s very successful because it relies on human emotions.

2
Q

What is phishing?

A

Phishing is a type of social engineering conducted via electronic communications. It is an attempt to acquire sensitive info by pretending to be a trustworthy entity, typically via email. The phisher tries to persuade the victim to perform a series of actions that provide access to confidential info. Phishing emails have gotten more sophisticated, but user education is the best defense against this.

3
Q

What is spear phishing?

A

Spear phishing is a targeted form of phishing, often aimed at a specific individual. In contrast, phishing often involves mass emailing.

4
Q

What is whaling?

A

Whaling is almost identical to spear phishing, except it goes after high-profile targets like executives.

5
Q

What is vishing?

A

AKA voice phishing. Attacker uses a fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details over the phone.

6
Q

What is smishing?

A

AKA SMS phishing. Attack that uses phishing methods via text messaging.

7
Q

What is pharming?

A

Pharming redirects victims to a fake website, even if the user enters the correct website URL. This is typically possible via another attack, such as DNS cache poisoning.

8
Q

What is tailgating?

A

Tailgating involves piggybacking or following closely behind someone who has authorized physical access within an environment. It also involves appearing to be a part of an authorized group or capitalizing on people’s desires.

9
Q

What is a mantrap?

A

It’s an airlock-like mechanism that allows only one person to pass at a time. It’s intended to provide entrance control and prevent tailgating.

10
Q

What is impersonation?

A

A method in which someone assumes the character or appearance of someone else.

11
Q

What is dumpster diving?

A

The act of scavenging for discarded equipment and documents in the trash.

12
Q

What is shoulder surfing?

A

Looking over someone’s shoulder to obtain information. Prevention relies on user awareness, but it can be assisted by mirrors or screen overlays.

13
Q

How are hoaxes harmful?

A

Hoaxes present a threat that does not actually exist at face value. The real harm is in the response to the hoax, which can create unnecessary fear and irrational behaviors.

14
Q

What is a watering hole attack?

A

Similar to spear phishing, but instead of using email, the attacker compromises a site that the target frequently visits. The goal is to compromise the larger environment, such as the company the target works for. These attacks are commonly used in conjunction with a zero-day exploit.

15
Q

Name the principles of influence that a social engineer might use

A

1. Authority
2. Intimidation
3. Consensus/social proof
4. Scarcity/urgency
5. Familiarity/liking
6. Trust

16
Q

What is spoofing?

A

Spoofing is a method of providing false identity info to gain unauthorized access.

17
Q

How does IP and MAC spoofing work?

A

IP spoofing is where the attacker modifies the source address of traffic or the source of info. The attacker can pretend to be the system that owns the forged IP address. Similarly, MAC spoofing forges a MAC address and can potentially bypass MAC-based access controls.
**IP spoofing seeks to bypass IP address filters by setting up a connection from a client and sourcing the packets with an IP address that is allowed through the filter.

18
Q

What is the difference between blind and informed spoofing?

A

Blind spoofing is where the attacker sends data and only makes assumptions of responses. Informed spoofing is where an attacker can participate in a session and can monitor the bidirectional communications.

19
Q

What is a buffer overflow?

A

Occurs when data given to an application or service exceeds the storage space that was allocated in memory for that app/service. The overflow of input data must be discarded or somehow handled by the application. A buffer overflow can cause data or memory storage to be overwritten, result in a denial of service, or allow the originator to execute arbitrary code at the privilege level of the affected application.

20
Q

What is an integer overflow?

A

A type of overflow that is specific to whole numbers.

21
Q

What is privilege escalation?

A

Gaining special privileges through a programming error or oversight.

22
Q

What is a zero-day attack?

A

AKA zero-hour or day-zero attack. It’s an attack that tries to exploit computer app vulnerabilities that are unknown to others or even the software developer. It uses zero-day exploits, which are software that uses a security hole to carry out an attack. Zero-day vulnerabilities do not have a patch available yet and are not detected by anti-malware software.

23
Q

What is cross-site scripting (XSS)?

A

A type of code injection where a malicious script is placed client-side on a website. An attacker can cause an unknowing user to conduct unauthorized access activities, expose confidential data, and report successful attacks back to the attacker without the user being aware. XSS vulnerabilities can be used to hijack the user’s session.

24
Q

What is cross-site request forgery (CSRF or XSRF)?

A

Attack that causes end users to execute an unwanted action on a site they are already logged into (currently authenticated).

25
Q

What is SQL injection?

A

Malicious code is inserted into strings that are later passed to a database server. The server then parses and executes the code.

26
Q

What is a DLL injection?

A

DLL (dynamic link library) injection inserts malicious code into a running process. It works by causing the legitimate running process to load the malicious DLLs and then run them.

27
Q

What is URL hijacking (aka typo squatting)?

A

Typo squatting relies on typographic errors users make on the Internet.

28
Q

What is domain hijacking?

A

It’s when a domain is taken over without the original owner’s knowledge or consent. It can occur when the domain expires, but typically occurs via direct attacks due to security issues.

29
Q

What is clickjacking?

A

When an attacker can hijack clicks by taking advantage of browser vulnerabilities. It allows the attacker to redirect clicks or keystrokes to something the user does not expect.

30
Q

What is session hijacking?

A

Attackers steal a session cookie to gain access to the user’s authenticated session on that site.

31
Q

What is a man-in-the-middle attack?

A

It’s when an attacker intercepts traffic and either eavesdrops on it or alters it. The attacker tricks both parties into thinking they are communicating with each other. These attacks are possible due to the TCP handshake process. These attacks are not as prevalent due to prevention techniques, but man-in-the-browser attacks have increased. A man-in-the-browser (MITB) attack uses a Trojan that infects web browser components such as plug-ins and helper objects.

32
Q

What is a replay attack?

A

Replay attacks use sniffers to capture packets and extract pertinent information. After extraction, the packets are replayed back onto the network.

33
Q

What is a pass-the-hash attack?

A

The attacker gains access to the cryptographic hash and can pass this hash value to a system for authentication. The attacker does not need the actual password.

34
Q

What is ARP poisoning?

A

ARP poisoning is when an attacker broadcasts a fake or spoofed ARP reply to an entire network, poisoning all computers. ARP does not require validation. When ARP requests are sent, the requesting devices believe the incoming ARP replies are from the correct devices. This makes it possible for perpetrators to trick a device into thinking any IP address is related to any MAC address.

35
Q

What is DNS poisoning?

A

When an attacker redirects traffic by changing the IP record for a specific domain, allowing the attacker to send legitimate traffic anywhere they choose. The server also caches this info for a short period, distributing the attack’s effect to the server’s users. AKA DNS cache poisoning.

36
Q

What is the difference between an authoritative and recursive DNS server?

A

Both DNS servers share information, but the difference is that recursive servers maintain info in a cache. This means recursive servers can answer queries for resource records even if they can’t resolve the request directly. **An open-recursive DNS server responds to any lookup request without checking where it originates.

37
Q

How does a DoS work?

A

Usually a DoS involves flooding a listening port on your machine with packets. The idea is to make your system so busy processing the new connections that it cannot process legit service requests. It’s executed by manipulating protocols.

38
Q

DoS: What is smurf/smurfing?

A

Based on the Internet Control Message Protocol (ICMP) echo reply function used by the ping command. The attacker sends ping packets to the broadcast address of the network and replaces the original source address with the source address of the victim. This causes a flood of traffic to the unsuspecting device.

39
Q

DoS: What is a fraggle?

A

It’s an attack that’s similar to a Smurf attack, but instead of using ICMP it uses UDP. The spoofed UDP packets are directed to port 7 (echo) or port 19 (chargen). A character generator attack can run when connected to port 19.

40
Q

DoS: What is ping flooding?

A

An attack that tries to block service or reduce activity on a host by sending ping requests directly to the victim. **Ping of death is when the packet size is too large and the system does not know how to handle the packets.

41
Q

DoS: What is a SYN flood?

A

Attack where the source system sends a flood of SYN requests but never sends the final ACK. This leaves the TCP session half-open, and since the TCP stack waits before resetting the port, the attack overflows the destination computer’s connection buffer. This makes it impossible to service connection requests from valid users.

42
Q

DoS: What is a land attack?

A

It’s where an attacker spoofs a TCP/IP SYN packet to the victim system with the same source and destination IP address and same source and destination ports. This creates confusion for the system as it tries to respond to the packet.

43
Q

DoS: What is a teardrop attack?

A

This attack targets a known behavior of UDP in the TCP/IP stack of some operating systems. It sends fragmented UDP packets to the victim with odd offset values in subsequent packets. When the OS tries to rebuild the original packets, the fragments overwrite each other. This causes confusion and likely crashes the system.

44
Q

What is a Distributed Denial of Service (DDoS)?

A

The attacker distributes zombie software that gives the attacker partial or full control of the infected computer system. The attacker does this by creating masters (computers running the client software), which then create zombies. The software running on the zombies can launch multiple types of attacks. When enough systems are compromised with zombie software, they can launch an attack from a wide variety of hosts. The attacks are DoS attacks, but the effects are multiplied by the total number of zombies (resulting in DDoS).

45
Q

DoS: What is the difference between reflection and amplification?

A

Reflection is where the attacker takes advantage of legitimate third-party services (DNS, network time, etc.) and the source address is spoofed to be that of the victim. Any replies from the service will be directed at the victim, hiding the attacker’s identity.
Amplification is where the attack is magnified, increasing the amount of traffic sent to the victim.

46
Q

How does a brute force attack work?

A

It uses cryptanalysis or algorithms capable of performing exhaustive key searches. This type of attack can quickly crack a simple password, but can take a lot more time and power on complex passwords. This is because it attempts to exhaust all possible combinations of letters, numbers, and symbols.

47
Q

What is a hybrid attack?

A

This attack uses the dictionary attack method of trying every word in a dictionary to gain access, but also adds numbers at the end of the word, substitutes numbers for letters, and capitalizes first letters.

48
Q

How does a birthday attack work?

A

A birthday attack finds collisions within hash functions, resulting in a more efficient method of brute-forcing one-way hashes. It gets its name from the birthday paradox.

49
Q

What is a rainbow table?

A

It’s essentially a large set of precomputed hash values for every possible combination of characters. An attacker can use this to efficiently crack hashed passwords. Best practice to prevent this is to lock accounts after several attempts (online attacks).

50
Q

What is a known plain-text attack (KPA)?

A

KPA is an attack that involves having a corresponding piece of both the plain text and cipher text. Having a single word or phrase match can reveal more information.

51
Q

How does a downgrade attack occur?

A

It typically results from security configurations not being updated, usually from the desire for backwards compatibility.

52
Q

What are countermeasures to weak implementation and password-based attacks?

A

Multifactor authentication is an important countermeasure. This can include combining something you know (password) with something you have (one-time-use token or code sent to your phone). Password hashes can also use a “salt”. Salting prepends a random string of characters to the password before it is hashed. This makes the hash more random and difficult for an attacker to crack unless they know the value of the salt that needs to be removed.

53
Q

What is a sniffer (wireless)?

A

A hardware or software device capable of capturing the data or packets that traverse across the wireless channel. When traffic being sent across the network is unencrypted, packet sniffing enables the attacker to capture data and decode it.

54
Q

What is a rogue access point?

A

It’s where an unauthorized wireless access point has been set up. They can also serve as an “evil twin”. An evil twin is a type of MITM attack where the hijacker acts as an access point to the client and also acts as a client to the true network access point.

55
Q

How can you detect a rogue access point?

A

Wireless sniffing applications are commonly used to detect rogue APs. Companies can also employ wireless site surveys, which look for rogue APs during the process because they can negatively impact not just security, but also QoS on the network.

56
Q

How does an IV attack occur?

A

An IV is an input to a cryptographic algorithm, essentially a random number. Ideally it should be unique and unpredictable; if it’s not, it has a high probability of being repeated after a small number of packets. This makes it more prone to attacks (too short/predictable).

57
Q

Wi-Fi Protected Setup (WPS)

A

WPS should always be disabled. Additionally, a firmware update may be required to completely disable it.
This is due to a severe security vulnerability that was found in 2011 (the PIN can easily be cracked within hours via brute-force attacks).

58
Q

What is the difference between bluejacking and bluesnarfing?

A

Bluejacking is when a Bluetooth-enabled device receives texts and messages broadcasting spam sent from a nearby Bluetooth-enabled device. These messages appear to come from the user’s device, leading the user to follow prompts and establish a connection to the attacker’s device.
Bluesnarfing is a more aggressive attack. When paired with the attacker’s device, the user’s data becomes available for unauthorized access, modification, or deletion.

59
Q

What is the difference between Near Field Communication (NFC) and Radio Frequency Identification (RFID)?

A

NFC is based on RFID protocols. NFC provides peer-to-peer communication, which is different from RFID devices. RFID requires a tag (active or passive) and a reader, but an NFC chip functions as both a reader and a tag.